cloudflare — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting cloudflare. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2836 | Cache poisoning via insecure-by-default cache key | https://github.com/cloudflare/pingora | | 6.5 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-2835 | HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing | https://github.com/cloudflare/pingora | CWE-444 | 7.5 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-2833 | HTTP Request Smuggling via Premature Upgrade | https://github.com/cloudflare/pingora | CWE-444 | 7.5 (AI) | High (AI) | 2026-03-04 |
| CVE-2026-1229 | Incorrect calculation in CIRCL secp384r1 CombinedMult | CIRCL | CWE-682 | 7.5 (AI) | High (AI) | 2026-02-24 |
| CVE-2026-0933 | OS Command Injection in `wrangler pages deploy` | Wrangler | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-01-20 |
| CVE-2025-13353 | gokey allows secret recovery from a seed file without the master password | gokey | CWE-330 | 9.1 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-59427 | Cloudflare vite plugin exposes secrets over the built-in dev server | workers-sdk | CWE-200 | 5.5 | - | 2025-09-19 |
| CVE-2025-7054 | Infinite loop triggered by connection ID retirement | quiche | CWE-835 | 6.5 (AI) | Medium (AI) | 2025-08-07 |
| CVE-2025-4821 | Incorrect congestion window growth by invalid ACK ranges | quiche | CWE-770 | 7.5 | High | 2025-06-18 |
| CVE-2025-4820 | Incorrect congestion window growth by optimistic ACK | quiche | CWE-770 | 5.3 | Medium | 2025-06-18 |
| CVE-2021-3978 | Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki | octorpki | CWE-269 | 7.5 | High | 2025-01-29 |
| CVE-2025-0651 | File symlink abuse might lead to deleting files belonging to SYSTEM user | WARP | CWE-269 | 7.1 | - | 2025-01-22 |
| CVE-2024-1410 | Unbounded storage of information related to connection ID retirement, in quiche | quiche | CWE-400 | 3.7 | Low | 2024-03-12 |
| CVE-2024-1765 | Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche | quiche | CWE-400 | 5.9 | Medium | 2024-03-12 |
| CVE-2024-0212 | Cloudflare WordPress plugin enables information disclosure of Cloudflare API (for low privileged users) | Cloudflare-WordPress | CWE-284 | 8.1 | High | 2024-01-29 |
| CVE-2023-6992 | Memory corruption issues is Cloudflare zlib implementation | zlib | CWE-20 | 4.0 | Medium | 2024-01-04 |
| CVE-2023-7080 | Arbitrary remote code execution within wrangler dev Workers sandbox | wrangler | CWE-269 | 8.5 | High | 2023-12-29 |
| CVE-2023-7079 | Arbitrary remote file read in Wrangler dev server | wrangler | CWE-287 | 6.4 | Medium | 2023-12-29 |
| CVE-2023-7078 | Server-Side Request Forgery (SSRF) in Miniflare | miniflare | CWE-918 | 7.5 | High | 2023-12-29 |
| CVE-2023-6193 | Unbounded queuing of path validation messages in cloudflare-quiche | quiche | CWE-400 | 5.3 | Medium | 2023-12-12 |
| CVE-2023-6180 | Resource exhaustion via memory leak in tokio-boring | tokio-boring | CWE-400 | 5.3 | Medium | 2023-12-05 |
| CVE-2023-3747 | Insufficient Validation on Override Codes for Always-Enabled WARP Mode | WARP Client | CWE-602 | 5.5 | Medium | 2023-09-07 |
| CVE-2023-0654 | Spoofing User's Activity Loads in WARP Mobile Client (Android) | WARP Client | CWE-1021 | 3.9 | Low | 2023-08-29 |
| CVE-2023-0238 | Injecting Activity Loads in WARP Mobile Client | WARP Client | CWE-200 | 3.9 | Low | 2023-08-29 |
| CVE-2023-4241 | lol-html panics on certain HTML inputs | lol-html | CWE-20 | 7.5 | High | 2023-08-16 |
| CVE-2023-2754 | Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client | WARP | CWE-319 | 7.4 | High | 2023-08-03 |
| CVE-2023-3766 | Invalid Slice Split Results in Server Panic | odoh-rs | CWE-120 | 5.9 | Medium | 2023-08-03 |
| CVE-2023-3348 | Directory traversal vulnerability in Cloudflare Wrangler | Wrangler | CWE-22 | 5.7 | Medium | 2023-08-03 |
| CVE-2023-1862 | Remote access to warp-svc.exe in Cloudflare WARP | WARP Client | CWE-284 | 7.3 | High | 2023-06-20 |
| CVE-2023-3040 | Out of Bounds Access Leading to Undefined Behavior | lua-resty-json | CWE-125 | 3.7 | Low | 2023-06-14 |

This page lists every published CVE security advisory associated with cloudflare. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.